net/frr/patches/053-nhrpd_replace_socket.patch

   1 From 354196c027e81affb05163a6c3676eef1ba06dd9 Mon Sep 17 00:00:00 2001
   2 From: Zoran Pericic <zpericic@netst.org>
   3 Date: Sat, 25 Jan 2020 19:38:39 +0100
   4 Subject: [PATCH] nhrp: Make vici socket path configurable
   5 MIME-Version: 1.0
   6 Content-Type: text/plain; charset=UTF-8
   7 Content-Transfer-Encoding: 8bit
   8
   9 nhrp: Configure vici socket path using
  10
  11 configure --with-vici-socket=/var/run/charon.vici
  12
  13 If not specified default to /var/run/charon.vici
  14
  15 Signed-off-by: Zoran Peričić <zpericic@netst.org>
  16 ---
  17  configure.ac              | 8 ++++++++
  18  doc/user/installation.rst | 4 ++++
  19  nhrpd/README.nhrpd        | 3 ++-
  20  nhrpd/vici.c              | 2 +-
  21  4 files changed, 15 insertions(+), 2 deletions(-)
  22
  23 --- a/configure.ac
  24 +++ b/configure.ac
  25 @@ -139,6 +139,13 @@ AC_ARG_WITH([yangmodelsdir], [AS_HELP_ST
  26  ])
  27  AC_SUBST([yangmodelsdir])
  28
  29 +AC_ARG_WITH([vici-socket], [AS_HELP_STRING([--with-vici-socket=PATH], [vici-socket (/var/run/charon.vici)])], [
  30 +       vici_socket="$withval"
  31 +], [
  32 +       vici_socket="/var/run/charon.vici"
  33 +])
  34 +AC_DEFINE_UNQUOTED([VICI_SOCKET], ["$vici_socket"], [StrongSWAN vici socket path])
  35 +
  36  AC_ARG_ENABLE(tcmalloc,
  37         AS_HELP_STRING([--enable-tcmalloc], [Turn on tcmalloc]),
  38  [case "${enableval}" in
  39 @@ -2480,6 +2487,7 @@ group for vty sockets   : ${enable_vty_g
  40  config file mask        : ${enable_configfile_mask}
  41  log file mask           : ${enable_logfile_mask}
  42  zebra protobuf enabled  : ${enable_protobuf:-no}
  43 +vici socket path        : ${vici_socket}
  44
  45  The above user and group must have read/write access to the state file
  46  directory and to the config files in the config file directory."
  47 --- a/doc/user/installation.rst
  48 +++ b/doc/user/installation.rst
  49 @@ -383,6 +383,10 @@ options to the configuration script.
  50     Look for YANG modules in `dir` [`prefix`/share/yang]. Note that the FRR
  51     YANG modules will be installed here.
  52
  53 +.. option:: --with-vici-socket <path>
  54 +
  55 +   Set StrongSWAN vici interface socket path [/var/run/charon.vici].
  56 +
  57  Python dependency, documentation and tests
  58  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  59
  60 --- a/nhrpd/README.nhrpd
  61 +++ b/nhrpd/README.nhrpd
  62 @@ -126,7 +126,8 @@ Integration with strongSwan
  63
  64  Contrary to opennhrp, Quagga/NHRP has tight integration with IKE daemon.
  65  Currently strongSwan is supported using the VICI protocol. strongSwan
  66 -is connected using UNIX socket (hardcoded now as /var/run/charon.vici).
  67 +is connected using UNIX socket (default /var/run/charon.vici use configure
  68 +argument --with-vici-socket= to change).
  69  Thus nhrpd needs to be run as user that can open that file.
  70
  71  Currently, you will need patched strongSwan. The working tree is at:
  72 --- a/nhrpd/vici.c
  73 +++ b/nhrpd/vici.c
  74 @@ -478,7 +478,7 @@ static int vici_reconnect(struct thread
  75         if (vici->fd >= 0)
  76                 return 0;
  77
  78 -       fd = sock_open_unix("/var/run/charon.vici");
  79 +       fd = sock_open_unix(VICI_SOCKET);
  80         if (fd < 0) {
  81                 debugf(NHRP_DEBUG_VICI,
  82                        "%s: failure connecting VICI socket: %s", __func__,